O365 PS: Test for group membership in loop...


I just got very good help here with my PS script to manage groups in O365. Now I have an additional question about whether it is possible to filter members according to group membership. I have the following working code which fetches the members in distribution groups 'SourceGroup' and 'TargetGroup', then removes all these members from 'TargetGroup' and finally copies all members from 'SourceGroup' into 'TargetGroup':

        $SourceGroupMembers = Get-MsolGroupMember -GroupObjectId $SourceObjectID 
        $TargetGroupMembers = Get-DistributionGroupMember -Identity $TargetGroup.PrimarySmtpAddress 
        $TargetGroupMembers | % { Remove-DistributionGroupMember -Identity $TargetGroup.PrimarySmtpAddress  -Confirm:$false -Member $_.PrimarySmtpAddress }
        $SourceGroupMembers | foreach { Add-DistributionGroupMember -Identity $TargetGroup.PrimarySmtpAddress  -Member $_.EmailAddress } 


This works fine, but now my boss says that he wants to exclude users that are members of a security group 'MyGroup' from being copied using Add-DistributionGroupMember. I.e. only SourceGroup members that are not members of MyGroup should be added as members of TargetGroup.

How can I achieve that in PS..?

regards Tor

Vasil Michev (MVP) Commented:
Bosses tend to overcomplicate things... Easiest/fastest way to get DG membership for a particular person is via:

Get-Recipient -Filter {Members -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com'}


So you can parse the output of that cmdlet and check if the user is a member of "MyGroup".

If that's a 'regular' security group however (not mail-enabled), the Exchange cmdlets will not help and you will have to use the MSOL ones instead. So you can do something like this:

Get-MsolGroupMember -GroupObjectId a1813eff-a80b-4ac9-bbdc-8e0821b76809  | ? {$_.EmailAddress -eq "user@domain.com"}


where you provide the ObjectID of MyGroup and the UPN of the user recursively. The last part of the script will be something like:

foreach ($SourceGroupMember in $SourceGroupMembers) {
    if (-not (Get-MsolGroupMember -GroupObjectId a1813eff-a80b-4ac9-bbdc-8e0821b76809  | ? {$_.EmailAddress -eq $SourceGroupMember.EmailAddress})) {
        Add-DistributionGroupMember -Identity $TargetGroup.PrimarySmtpAddress  -Member $_.EmailAddress
    }
}

datator (Author) Commented:
It appeared that $_.EmailAddress was empty.  When I used another variable that held the email address, it worked.  Thanks a lot!
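
The exclusion filter from this thread as an added example, not code posted by either participant: it reads MyGroup once instead of once per source member, matches on `ObjectId` (an assumption that both lists come from `Get-MsolGroupMember`), and inside the `foreach` statement uses the loop variable rather than `$_`. `Select-MemberNotInGroup`, `$MyGroupObjectId` and the sample members are hypothetical or constructed.

```powershell
# Added example, not from the thread. Select-MemberNotInGroup is a hypothetical helper.
function Select-MemberNotInGroup {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $SourceMembers,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $ExcludedMembers
    )
    # Build the exclusion set once instead of querying the group per source member.
    # Assumption: both lists come from Get-MsolGroupMember, so ObjectId is present;
    # matching on it also catches excluded users that have no EmailAddress.
    $excluded = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($m in $ExcludedMembers) { [void]$excluded.Add([string]$m.ObjectId) }

    foreach ($m in $SourceMembers) {
        if ($excluded.Contains([string]$m.ObjectId)) { continue }
        if ([string]::IsNullOrWhiteSpace($m.EmailAddress)) {
            # Nothing to pass to -Member; report it rather than failing mid-run.
            Write-Warning "Skipping $($m.ObjectId): no EmailAddress"
            continue
        }
        $m   # loop variable, not $_ ($_ is not set inside a foreach statement)
    }
}

# Constructed sample data standing in for Get-MsolGroupMember output.
$source = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'; EmailAddress = 'alice@example.com' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'; EmailAddress = 'bob@example.com' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000003'; EmailAddress = $null }
)
$myGroup = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'; EmailAddress = $null }
)

Select-MemberNotInGroup -SourceMembers $source -ExcludedMembers $myGroup |
    ForEach-Object { "Would add $($_.EmailAddress)" }

# Against the tenant, with the thread's variables ($MyGroupObjectId is a placeholder).
# -All matters: without it Get-MsolGroupMember returns only a limited number of
# results, so a large MyGroup would silently stop excluding some of its members.
# $SourceGroupMembers = Get-MsolGroupMember -GroupObjectId $SourceObjectID -All
# $MyGroupMembers     = Get-MsolGroupMember -GroupObjectId $MyGroupObjectId -All
# Select-MemberNotInGroup $SourceGroupMembers $MyGroupMembers | ForEach-Object {
#     Add-DistributionGroupMember -Identity $TargetGroup.PrimarySmtpAddress `
#         -Member $_.EmailAddress -WhatIf   # drop -WhatIf after reviewing the plan
# }
```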